Cyber crims put feet up for Chrimbo: 2014's seasonal retail breaches fell

The bad news? Attacks are continuing to evolve

Shoppers flocked online for retail bargains during Black Friday and Cyber Monday 2014, but cyber criminals seemingly decided not to join the scrum.

Despite a record-breaking surge in online shopping during late November’s online discount binge, cyber breaches actually fell, according to IBM.

That’s the good news. The bad?

Retail is now the crooks’ number-one target for attacks, with their tactics for online assaults becoming more sophisticated.

The message for retailers is clear: don’t become complacent. Also, look out for gaps in your systems that may have been overlooked.

Daily cyber attacks fell by nearly a third, to 3,043, between 24 November and 5 December, according to IBM’s managed security services team.

Breaches fell by more than half for Black Friday and Cyber Monday - the two busiest shopping days of the year, which this year broke records as retailers maxed out on offers and discounts.

IBM reported just 10 disclosed breaches resulting in 72,000 compromised records. But rather than give up on retail, attackers are doubling down.

Retail shot to the top of hackers' target list during 2014, elbowing aside manufacturing, which had been the preferred target.

IBM doesn’t account for the surge, but retail’s profile has increased thanks to recent headline-grabbing attacks on Home Depot and Target in the US that saw details of more than 120m shoppers slurped from POS terminals.

Most attackers are thinking small - far smaller than the Home Depot and Target jobs.

According to IBM, the number of incidents involving the loss of fewer than 10m records increased by more than 43 per cent last year.

The tactics are also changing: online, Secure Shell Brute Force was the top weapon of 2014, displacing king-pin malicious code.

While POS attacks at Home Depot and Target were big in the headlines, the vast majority of attacks were done using Command Injection or SQL Injection.

Command Injection was used in nearly 6,000 attacks on retailers during 2014.

Criminals capitalised on weak points overlooked in complex SQL deployments and sysadmins not performing necessary data validation.

Shellshock – the Bash Unix vulnerability uncovered last year – also got a look-in along with BlackPOS, which felled Home Depot. ®
